from the basic-understanding dept

Nearly 150 tech companies (including us via the Copia Institute), non-profits and computer security experts have all teamed up to send a letter to President Obama telling him to stop these stupid ideas about backdooring encryption that keep coming out of his administration. The press headlines will note that big companies -- like Google, Apple, Cisco, Microsoft, Twitter and Facebook -- are signing the letter. But significantly more interesting are the signatures from a huge list of computer security experts, all putting their names down on paper to make it clear what a ridiculously bad idea it is to even think about backdooring encryption. Among those signing on are Phil Zimmermann (who lived through this sort of thing before), Whitfield Diffie (guy who invented public key cryptography), Brian Behlendorf, Ron Rivest, Peter Neumann, Gene Spafford, Bruce Schneier, Matt Blaze, Richard Clarke (long-time counterterrorism guy in the White House), Hal Abelson and many, many more. Basically a who's who of people who actually know what they're talking about.

We urge you to reject any proposal that U.S. companies deliberately weaken the
security of their products. We request that the White House instead focus on
developing policies that will promote rather than undermine the wide adoption of
strong encryption technology. Such policies will in turn help to promote and protect
cybersecurity, economic growth, and human rights, both here and abroad.

Strong encryption is the cornerstone of the modern information economy’s security.
Encryption protects billions of people every day against countless threats—be they street
criminals trying to steal our phones and laptops, computer criminals trying to defraud us,
corporate spies trying to obtain our companies’ most valuable trade secrets, repressive
governments trying to stifle dissent, or foreign intelligence agencies trying to
compromise our and our allies’ most sensitive national security secrets.

Encryption thereby protects us from innumerable criminal and national security threats.
This protection would be undermined by the mandatory insertion of any new
vulnerabilities into encrypted devices and services. Whether you call them “front doors”
or “back doors”, introducing intentional vulnerabilities into secure products for the
government’s use will make those products less secure against other attackers. Every
computer security expert that has spoken publicly on this issue agrees on this point,
including the government’s own experts.

There's much more in the full letter which I highly recommend reading. It very nicely summarizes why this is a completely insane idea, and highlights why anyone raising it should be immediately told to move on to some other project instead:

The Administration faces a critical choice: will it adopt policies that foster a global digital
ecosystem that is more secure, or less? That choice may well define the future of the
Internet in the 21st century. When faced with a similar choice at the end of the last
century, during the so-called “Crypto Wars”, U.S. policymakers weighed many of the
same concerns and arguments that have been raised in the current debate, and correctly
concluded that the serious costs of undermining encryption technology outweighed the
purported benefits. So too did the President’s Review Group on Intelligence and
Communications Technologies, who unanimously recommended in their December 2013
report that the US Government should “(1) fully support and not undermine efforts to
create encryption standards; (2) not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial software; and (3) increase the use of
encryption and urge US companies to do so, in order to better protect data in transit, at
rest, in the cloud, and in other storage.”

The Washington Post quotes another surprising signatory: Paul Rosenzweig, the former Deputy Assistant Secretary for Policy at Homeland Security. If that name sounds familiar, it's because we've quoted his defense of the NSA, once arguing that "too much transparency defeats the very purpose of democracy." If even he is arguing against backdooring encryption, you know it's an idea that should be killed off. In his case, it's because he recognizes the simple reality that seems to have eluded the FBI director:

The signatories include policy experts who normally side with national-security hawks. Paul Rosenzweig, a former Bush administration senior policy official at the Department of Homeland Security, said: “If I actually thought there was a way to build a U.S.-government-only backdoor, then I might be persuaded. But that’s just not reality.”

And the world would be much better off if all of these security experts and companies could focus on better protecting us from harm, rather than having to join in ridiculous debates about what a bunch of clueless bureaucrats think might be some sort of mythical magic unicorn encryption breaker.

from the this-is-the-big-fight dept

There's a really big battle brewing concerning privacy protections online that involves some Silicon Valley tech companies, Ireland and the US government. And chances are this fight is going to get nasty. A few weeks ago, you might have heard that Twitter announced an interesting change in its privacy policy and terms of service, saying that all non-US users would technically now be managed under Twitter International Company, based in Dublin, Ireland. And, last week, Dropbox made a very similar announcement, noting that all non-North American users were now technically under Dropbox Ireland, while users in the US, Canada and Mexico remain under Dropbox in the US. Twitter's new terms go into effect on May 18th, and Dropbox's on June 1st (unless you're opening a new account before then, and the new terms apply immediately).

Over the last decade, Ireland has become a popular destination for US tech firms to set up international operations, in part because of Ireland setting itself up as sort of a tax haven for tech firms via its "Double Irish" tax dodge. A bunch of tech companies have been criticized for this, though the response of "we're following exactly what the law allows" is reasonable enough. Either way, that tax loophole is closing, though others may show up instead.

But this move doesn't seem predicated on that. Instead, there are two related elements that may be at work here. First: Ireland is also seen as having some of the most company-friendly privacy laws in the EU, though those are also coming under some amount of scrutiny. But, at the same time, by claiming that users are now under the Irish company, it gives Twitter and Dropbox at least some power to try to say no to US government requests for information. So, if you're more afraid of government intrusions in your data than corporate intrusions (as I am), then these moves are probably good for your privacy.

Except... the US government still thinks that it can do whatever the hell it wants. First, in some ways, data inside the US has potentially more protections against the US government in a somewhat bizarre way. Whether you believe it or not, the NSA cannot "hack" its way into US computer systems. It can only use the various other processes it has to demand information from companies. Overseas, however, there are no such restrictions. The NSA has interpreted Executive Order 12333 to mean that it can hack into anything overseas, and this was the authority it used to break into the data centers of Google, Yahoo and likely more overseas (sneaking in via Level 3 and others).

But, that still requires hacking into stuff. If US tech companies believe they can successfully fend off such hacks, putting non-US users under Irish law does give them greater protection from the NSA. The NSA can no longer use its other authorities in the US to get the FISA Court to demand information (along with gag orders) from these companies. Or... maybe not. As we've been discussing, there's an ongoing court battle between the US Justice Department and Microsoft, over whether or not the DOJ can issue a warrant demanding Microsoft hand over information stored in Ireland. Microsoft has resisted, but the courts have so far sided with the DOJ. Ireland recognizes this is an important fight, and has asked for the EU to come out in support of Microsoft's position.

US prosecutors will continue to seek data stored in Ireland using a federal search warrant, despite leadership changes at the Justice Department.

A spokesperson confirmed in an email that the department's position has "not changed," two weeks after Loretta Lynch, the Obama administration's choice to head up the federal agency, was confirmed by Congress as the new US attorney general.

This battle is going to be rather important for those other companies seeking to protect users under Irish law. Warrants aren't supposed to apply outside of the US. But the DOJ (and the courts) have been simply making up new laws, in arguing that if it's a US company, but the data is overseas, the warrant magically morphs into a quasi-warrant/subpoena hybrid. But that's ridiculous. Warrants and subpoenas have different purposes and different protections -- and the DOJ wants the best of both worlds. As Microsoft itself explained in one of its legal filings:

The Government's interpretation ignores the profound and well established differences between a warrant and a subpoena. A warrant gives the Government the power to seize evidence without notice or affording an opportunity to challenge the seizure in advance. But it requires a specific description (supported by probable cause) of the thing to be seized and the place to be searched and that place must be in the United States. A subpoena duces tecum, on the other hand, does not authorize a search and seizure of the private communications of a third party. Rather, it gives the Government the power to require a person to collect items within her possession, custody, or control, regardless of location, and bring them to court at an appointed time. It also affords the recipient an opportunity to move in advance to quash. Here, the Government wants to exploit the power of a warrant and the sweeping geographic scope of a subpoena, without having to comply with fundamental protections provided by either. There is not a shred of support in the statute or its legislative history for the proposition that Congress intended to allow the Government to mix and match like this.

This fight is far from over -- and with companies like Twitter and Dropbox now trying to shift more non-US users under Irish laws, the fight with Microsoft is going to become even more important.

And, that's not even getting into the discussion of how all of this is, effectively, driving US businesses overseas. The US's efforts to spy on everyone are, once again, harming the US economy, rather than helping it.

from the almost-every-point-is-wrong dept

Last summer, when President Obama finally got around to nominating a new IP Czar (technically the "Intellectual Property Enforcement Coordinator" or IPEC), Danny Marti, we were at least moderately hopeful that he didn't come out of the usual copyright maximalist/Hollywood/legacy industry camp. Instead, much of his work had been on the trademark front, and thus we'd hoped that maybe his focus would be more limited to issues around counterfeiting (which are also overblown in terms of actual concern -- but which have less of a free speech concern). After months of Congressional stalling, Marti was finally officially given the job a few weeks ago. And one of the first things he did was go give a speech at a "Creativity Conference" put on by the MPAA and Microsoft (yes, really), in which he appeared to repeat a bunch of horribly misleading, to downright wrong, talking points. In short, as a first impression, Marti is a disaster. Take a look:

After kicking off with a weak joke about his job title, he starts right in with the misleading talking points.

Summarizing my job, in the spirit of this conference, I think it's fair to say that the IPEC Office is the Executive branch's "creative conscience."

First of all... what? The role is enforcement, which has nothing whatsoever to do with actual creativity. In the past, with Marti's predecessor, Victoria Espinel, we often wondered why there was an "enforcement coordinator" at all, since the job title itself was so one-sided. If anything, if we were to go by the Constitutional rationale for copyright and patents, the role should be one in which it looks to see how best to "promote the progress of science and the useful arts." And enforcement is often not the best way to do that. In fact, as we've spent years demonstrating, enforcement can often harm the progress of science and the useful arts. So it's interesting to see Marti suggest that his role is about being a "creative conscience." For a second, I thought that maybe this meant he'd actually consider what was best for creativity -- meaning all creators, not just the few who were lucky enough to be selected by the large legacy gatekeepers. But, no, as you'll quickly learn, by "creative conscience" he actually means "protector of a few legacy gatekeepers who often screw over actual creators."

Part of my job is to make sure that the administration keeps the impact on creativity top of mind when it adopts policies, makes decisions, and takes action.

Again, that's good if we're talking about actual creativity and all creators. But... he's not.

I'm also responsible for helping marshal the federal government's resources to help combat violations of intellectual property. Put simply, my office is dedicated to the protection of the American intellectual property system that helps drive our national economy.

And there we go, right off the tracks. He is focused on protecting the existing system -- even when it is shown to harm creativity, free expression and innovation. That's a problem. Maybe he didn't really mean that? Nope, he means it:

Let there be no mistake and no misunderstanding. Intellectual property is an integral part of the US economy. We're speaking of the spark of genius and the ideas behind transformative inventions, the artistry that goes into books, music and film. The trade secrets that preserve a company's market edge. Or the brands that distinguish our companies and their goods and services.

Already, he's making the cardinal sin of talking about intellectual property that we were just discussing: conflating the "property" piece with the underlying aspect of it. The spark of genius is not intellectual property. The ideas are not intellectual property. The artistry is not intellectual property. The brands are not intellectual property. The specific copyright, patents and trademarks may be property-like entities, but those are not the same thing as the underlying content, inventions or brands. As we noted in our piece about confusing those things, when you do that, your policy suggestions are going to be really, really bad. And you're going to make really silly statements like Marti does next:

Intellectual property helps create marketplaces that help drive economies, domestically and internationally. For example, the "core copyright industries" -- those whose primary purpose is to create, produce, distribute, or exhibit copyrighted materials -- added more than $1 trillion to gross domestic product and created and supported millions of jobs.

That's not true. We've gone through these numbers in the past, and shown how they're simply misleading and no one should be using them to make a serious point. They very broadly define the "core copyright industries" such that any industry that gets copyrights is determined to exist only because of copyright law. And that includes software firms that thrive on giving away services for free and that don't actually rely on their copyrights for anything. Besides, if you want to compare apples to apples, the IIPA, which does the study that Marti is relying on, has shown that the "core copyright industry" isn't contributing nearly as much to the economy or economic growth as the internet economy is, and the internet economy is frequently held back by bad copyright laws.

Intellectual property-based industries are among the U.S.'s strongest exporters.

Well, sure, that's true if you argue that any company with a brand is an "intellectual property-based business," but that kind of thinking takes you down the path of arguing that grocery stores are an intellectual property miracle that only exist thanks to trademark law. And that's plainly ridiculous.

Overall, IP industries accounted for over 60% -- Six Zero -- of US exports.

Yes, but no one actually believes any of that is because of intellectual property laws, unless you conflate those laws with the underlying things, like brands.

The recorded music, motion picture, television and video, and software publishing businesses, for example, contributed to sales in foreign markets exceeding $156 billion dollars.

And how much of that is because of copyright law -- and how much of it is because it's content that people find valuable enough to purchase? Marti just ignores the distinction and lumps it all in because of copyright. Also, note, for someone who claims he's focused entirely on being the "creative conscience," his actual focus appears to be almost entirely on the commercial side of the creative ledger.

That is why it's so important to understand and protect IP, to foster legitimate trade, and to open foreign markets to US creative content.

That last one is an "I work for the President and need to give my shout out to the TPP and TTIP agreements" talking point. But, really, what did he say before that shows why it's "so important to understand and protect IP"? Frankly, I don't see anything. He talked a lot about big numbers, but nowhere did he show why strong intellectual property laws made those things possible. And nowhere did he consider that, maybe (just maybe) weaker IP laws may have actually enabled larger markets, or more creativity. That kind of thinking doesn't even enter the equation, which is kind of odd if you're positioning yourself as the "creative conscience."

Does he mention the importance of fair use in enabling creativity? Is he at all concerned about the lack of fair use in these trade agreements that supposedly will "open foreign markets" while stifling free expression?

Without understanding these things, for him to just automatically leap to the claim that we have to "protect" the existing system, it's difficult to take Marti seriously. He appears to be repeating talking points with no understanding at all of the underlying nuances.

The timing of today's event is fitting. Sunday is World Intellectual Property Day -- a global celebration of the role of intellectual property, of innovation, of creativity, in our daily lives.

Is it? Really? No, "World Intellectual Property Day" is a celebration of the legacy gatekeepers that take the copyrights of actual creative people, and push for expanding those laws with no thoughts towards the actual impact on creativity. And the creativity "in our daily lives" is frequently done without the use of intellectual property laws -- and, all too frequently, conflicts with those laws.

This year's theme is "Get Up, Stand Up. For Music" invoking Bob Marley and Peter Tosh's tune, to illustrate how song can serve as a call to action.... Bob Marley's song serves as an endearing, international anthem for human rights. Let us tap into this spirit, this call to action, to speak up for artistic communities, the world over.

Right. Like, remember that time that Bob Marley's family tried to reclaim the copyrights to two of his albums, including "Burnin'" where "Get Up, Stand Up" first was released? And remember how Universal Music fought that and won, so that Universal Music got to keep the copyright, as opposed to the Marley family? Thank goodness Universal still holds the copyright, or perhaps they would have had to pay Marley's family for the right to use that theme for this year's "World Intellectual Property Day," right?

Yes, ladies and gentlemen, Danny Marti is the US's "creative conscience"... for the giant multinational corporations against the actual creative folks out there. And, really, whose brilliant idea was it to use Jamaican music as a call for stronger IP laws -- when anyone even remotely familiar with the history of popular Jamaican music, knows that it involved rampant copying and remixing of others' songs, no concern about copyright at all (until foreign record labels jumped in and started divvying up the pie) and near endless creativity from that ability to remix and try new things. That's not exactly a ringing endorsement for stronger copyright laws.

And, again, if we're speaking up for "artistic communities, the world over," how about those who are being blocked from creating new works due to overbearing copyright laws? How about those who are being sued for having a song that has a similar feel to another song? Do they count?

Let us stand up for art. Let us stand up for the artist. Let us stand up to respect the artist's right to make a living off of his or her artistic labor.

Yes, unless you're Bob Marley's family. Then let us stand up for Universal Music's right to go to court to block the Marley family from that right! Or, unless you're a remix artist creating wonderful new songs by building on the works of the past.

Also, where in the Constitution does it say that anyone has a "right to make a living off of his or her artistic labor"? I have many friends who "labor" quite hard in making music, but don't make livings from it. Should I send them to Marti to solve that? Will he "marshal the federal government" to make sure they make a living?

Because this is another nefarious myth. You have no "right" to make a living from your labor. People might just not value it enough to pay for it. Or you might not be offering it in a format that people will pay for. What about my friends who were journalists over at GigaOm, which recently went out of business? They were creating many written words, and laboring very hard at it. But the company went out of business. But if we believe they have "a right to make a living" from their creative labor, shouldn't they be guaranteed a living? Everyone knows that's crazy. So why do we repeat the myth when it comes to music? Most musicians -- in fact, nearly all musicians -- have never "made a living" off of their music. Only a very few have. And it's not because they had a "right" to make a living.

And let us stand up to forcefully reject those who believe that the theft of one's creative output is somehow acceptable. It is not.

Of course, we're back to the misleading use of "theft." Do we consider what UMG did to Bob Marley's estate "theft"? Someone should ask Marti. Does he consider Pharrell and Robin Thicke writing a song with a similar "feel" to a Marvin Gaye song "theft"? Does he consider a woman posting a 30-second video of her child dancing to a Prince song "theft"? Does he consider the work of artists like Kutiman theft? Does he consider artists like Led Zeppelin and Bob Dylan -- many of whose greatest works were near note-for-note replicas of others' songs -- to have engaged in theft?

Because any honest discussion of creativity and intellectual property laws has to be able to take into account all of these situations, and the word "theft" doesn't really cut it -- which is also why that's not what the law says. You'd think that the guy whose role is to help enforce the law would understand that copying a song isn't "theft." It's worrisome that he does not.

When we speak of the role of creativity in our lives, we're also speaking about human expression, building communities. The sharing of stories -- whether through print, music or film -- brings people together, fosters discussion, builds bridges and helps create common identity.

Of course, if that "discussion" or "common identity" strays too far, such as in creating a derivative work, that may be seen as infringement (or in Marti's world "theft") and thus he will "marshal the forces of the federal government" to bring you down. All in an effort to protect the glorious markets of the creative conscience.

Our digital lives have only helped to accelerate these discussions, bringing people together and bringing their stories closer.

And, because of that, the US government has been actively shutting down websites where those discussions happen and pushing for laws to throw the operators of the websites in jail.

And in order to further that, we must strive to build not only an open internet, but a safe, secure and stable one.

In other words, not really an open internet. But one that is limited and controlled by multinational gatekeepers. Either way... I feel that we're rapidly approaching the administration's favorite buzzword. I know it's coming, I just know it... and...

One way the administration is seeking to do just that is by fostering multistakeholder processes in which all participants in the ecosystem -- government, the private sector, and civil society -- can play a role in encouraging positive internet behavior and marginalizing anti-social and, indeed, criminal behavior.

Multistakeholder! Bingo! What do I win? Oh, someone now arguing that rather than encouraging freedom of expression and an open internet, we should try to look for ways to stamp out "anti-social behavior" online. Hmm. Anti-social behavior? Wouldn't that bar songs like "Get Up, Stand Up" that could be seen as "anti-social" in encouraging the public to stand up for their own rights when they are being taken away from them by their government? Rights like freedom of expression?

Protecting and advancing a community starts with action by its members. We need to stand up for what is good and reject what is unfair.

I think freedom of expression is good. I think shutting down websites that were blogging about music is unfair. I think that supporting programs for site blocking, that take down free speech, is unfair. I think a system that prioritizes the ability of large multinationals to block innovation is "unfair." Yet, these all seem to be things that IPEC supports.

Stakeholder responsibility will create an environment conducive to creativity.

Let me translate this for you: "Search engines should start censoring sites that the MPAA dubs "unfair" because they challenge the MPAA's business model."

It will benefit those who make a living producing creative works.

Unless, like Dan Bull (who makes his living producing creative works), you relied on sites like Megaupload to distribute those works and the US government shut it down.

It will benefit those who enjoy those works.

Unless you no longer have access to them, thanks to US courts censoring them.

Respecting IP not only encourages creativity, it also promotes the technologies for communicating that creativity. This bears repeating. Respecting IP not only encourages creativity, it also promotes the technologies for communicating that creativity.

How? This is a serious question, but I'd like someone to answer it, because history doesn't come even remotely close to supporting that claim as can be seen by Marti's next ridiculous statement:

The desire to tell stories to even wider audiences in even more vivid ways, has a long chain of technological innovation, creating new industries along the way. From printing, to radio, to film and television, and now, of course, the internet economy.

And each and every single one of those was decried initially by the legacy forces -- the gatekeepers who controlled the previous industries. The printing press was in a time before copyright, but obviously shook the very foundations of society by helping to break it out from Church control. The radio resulted in a massive legal fight as the record labels tried to kill it in its early days. The film industry moved to Hollywood to avoid enforcement of the patents of Thomas Edison, and often relied on copyrighting the innovations of others in the industry. When television came along, the film industry also freaked out and tried to hamper it -- especially innovations like the VCR. And, of course, the internet. We've had lawsuits against search engines, video platforms, MP3 players, book indexes and more. If we "respected" IP in the terms of the legacy gatekeepers, we'd have none of those innovations.

Look, I get it: Marti's very job description basically says that he needs to take on the role of propping up the interests of the legacy gatekeepers. But, at the very least, his predecessor, Victoria Espinel, seemed willing to recognize that there was a lot more to what was going on than the one-sided version of history presented by those gatekeepers. Espinel was at least open to the idea that too much IP could create more problems than good things. Marti shows no sign of this recognition, and seems so thoroughly bought into a single world view of intellectual property that he didn't even realize just how ridiculous it was for anyone in the "intellectual property" world to cite Bob Marley as a good example of supporting creators.

So go on, Marti, "Get Up, Stand Up!" but recognize that what you're standing up for, is not for the "creative conscience" or for creators themselves, but those who seek to be gatekeepers on that creativity.

from the good-deals-on-cool-stuff dept

Even with the rising popularity of Google Drive and other online productivity apps, Microsoft Office is still king in the corporate world (probably due to inertia more than any other reason). You can brush up on your skills with 96% off of the Microsoft Office Mastery Bundle. They're offering courses in Excel, Word, PowerPoint, Outlook and SharePoint Access (note that you need to have these programs in order to complete the instruction). You will gain access to hundreds of hours of material for 12 months so you can learn at your own speed.

Note: We earn a portion of all sales from Techdirt Deals. The products featured do not reflect endorsements by our editorial team.

from the bait-and-switch dept

Pay attention to the gaming scene and the way gamers interact with game companies and journalists and you'll see that times are a little tense these days. Without diving into any of the debates currently being had throughout Gamerdom (Gamerstan? Gaming Nation?), let's just all agree that there is a big fat trust vacuum at the moment and that this vacuum is being filled by all kinds of reactions, some of which are reasonable, some of which are silly and overreaching. What's happened in the last year or so has exacerbated the distrust to the point where companies operate on tip-toes with their audiences or they suffer the consequences. What cannot be done in a time like this, if a company wants to make money and keep its fanbase loyal, is to further breach that trust.

Today, the Xbox YouTube channel released a rad new video for the upcoming role-playing game The Witcher 3. There’s just one problem: it’s not actually running on an Xbox. Whoops. Yep, despite that XBOX logo stamped on the bottom right corner of the above video, this is actually footage from the (presumably better-looking) PC version of the game. The easiest way to tell? You can run the YouTube video at 60 frames-per-second; the developers of The Witcher 3 (out May 19 for PS4/XB1/PC) have specified that the console versions are actually locked at 30 FPS.

Now, I can already hear every person on the planet who either isn't a gamer at all or is a casual gamer at most screaming, "There's no way this is a big deal!" And, ultimately, they're right, it's not the hugest issue in gaming today. Game-makers play these kinds of tricks all the time, whether it's showing the wrong version of the game, passing off cut-scenes as gameplay elements, or promoting features in games that aren't present upon release. But the tolerance for these tricks is completely gone. It's now common to see disclaimers that footage isn't actually of gameplay, or that the footage is from one version of the game or another. And, while the Xbox channel did eventually edit to include a disclaimer that the footage was from the PC version of the game, the bait-and-switch nature of all this seems more inexplicable when it appears on the YouTube page for the console itself.

Next thing you know, prospective customers are crying foul and the game developer, CD Projekt Red, a company that is generally awesome in terms of being customer friendly, suddenly has to scramble to assure its fans that it had no idea Microsoft was doing any of this. Again, no reason not to believe them, but in the trust vacuum everyone might be in on the conspiracy and blowback is done via carpet-bomb instead of in a measured way.

Is this false advertising or an inadvertent error? I have no idea, but I do know that gaming companies can't make these errors and think they can get away with it at the moment.

from the urls-we-dig-up dept

Passwords are an everyday part of life now, but so are stories of millions of people having their login credentials stolen. It's easy to say that everyone should use better passwords, but how many people really want to remember to constantly change their passwords or get a 2-factor authentication call regularly just to check their emails? Sure, there are some systems that make it a bit easier to deal with 2-factor authentication, but the vast majority of users don't want to be bothered with the hassle at all. Here are just a few more security-related links to push you into re-thinking password laziness.

from the back-in-the-ussr dept

One of the most wonderful sights to see in the gaming community, particularly in the PC gaming community, is what a combination of a loyal fan-base and a strong modding community can produce. This is particularly so when the mods released are clear and active attempts at doing nothing more than making the original product even better. You see this all the time in PC gaming -- old games being yanked into the present, an increase in the replayability of a classic, and even all-new sub-games created out of the original. All of this done through a modding community that loves the original work produced by game designers. Some gaming companies embrace the modding community, while some don't. Which way they go is typically decided by just how much control the company generally wants to exert over its product.

Guess which way Microsoft tends to go? Well, they tend to be the protectionist sort, but a recent story about the release of a new free-to-play Halo game, Halo Online, both puzzled me and amused me. The puzzled part came from Microsoft firmly insisting that the release would be available for play in Russia only, which...what the hell? Even the excuse of a long testing period in a Russia-only beta setting is, well, kind of strange.

Microsoft: Right now our focus is on learning as much as we can from the closed beta period in Russia. Theoretically, any expansion outside of Russia would have to go through region-specific changes to address player expectations.

Note that availability of the game to markets outside of Putin-ville is theoretical at this point. Except not really, of course, and that's where the amusement came from. Because if the alchemy ingredients for mods are a loyal fan-base, something begging for modification, and a capable modding community, everyone had to know that restricting this to Russia was going to be a barrier tested by the public before too long. It turns out that "before too long" meant in the past few weeks, because modders were already posting information on their work to free Halo from Russian imprisonment when Microsoft caught wind and fired off a DMCA notice to the host site.

Modders have been mucking about with the leaked Halo Online files to unlock features, with one team creating a game launcher called ‘ElDorito.’ But all that work came to a screeching halt yesterday after Microsoft sent a DMCA takedown notice to Github, who was hosting the files. The site quickly complied. Microsoft sent the following notice to Github:

"We have received information that the domain listed above, which appears to be on servers under your control, is offering unlicensed copies of, or is engaged in other unauthorized activities relating to, copyrighted works published by Microsoft," the company wrote in a DMCA notice to Github.

Under other circumstances, that might be the end of the story, except that these are game modders we're talking about. When they commit, they're committed, and their work tends to mean that they're the sort of types who know how to route around these sorts of attacks. Now, to be clear, Microsoft certainly has the right to try to kill off these modders' work, but they're going to have to try a lot harder than a single DMCA if they want to really have this battle.

"In terms of DMCA/C&D mitigation, we have made redundant git backups on private and public git servers. This is to ensure we will always have one working copy. These are being synchronized so that data is always the same," [modder] Woovie explains. "Further DMCAs may happen potentially, it’s not really known at the moment. Our backups will always exist though and we will continue until we’re happy."

Team member Neoshadow42 says that, as a game developer himself, he sympathizes with Microsoft to a point about protecting one's copyrighted material:

"As someone involved in game development, I’m sympathetic with some developers when it comes to copyright issues. This is different though, in my opinion,” the dev explains. "The game was going to be free in the first place. The PC audience has been screaming for Halo 3 for years and years, and we saw the chance with this leak. The fact that we could, in theory, bring the game that everyone wants, without the added on stuff that would ruin the game, that’s something we’d be proud of."

Making the moral equation here slightly more complicated is that the things that "would ruin the game" don't only refer to the geo-restrictions, but to other game "features" as well, such as in-game microtransactions that almost uniformly piss off the PC gaming community. The modding team has aimed at removing those from the game as well, which, given that this is a free-to-play game, might break the business model Microsoft set up for the game. I expect Microsoft to continue battling for control of its product, as well as for the game's restrictions and microtransactions.

Ultimately, this is a damned shame, because there's a lesson to be learned from all of this and that lesson is not that the modding community is the enemy of the game designer. This is pure market testing at its finest. What this entire episode clearly outlines for Microsoft, were it willing to listen, is that potential customers want wider availability for the beta version of the game (as in, not restricted along national borders) and don't want annoying microtransactions in a Halo game. And if they want those things, fans will be willing to pay for them. Should Microsoft continue with its plan to not meet customer demand, those customers likely won't go unfulfilled, they'll simply find their pleasure in the form of a mod from a strong modding community that Microsoft wants to play whac-a-mole with, rather than listen to the wants of its customers.

from the the-cleaner dept

As we've been noting, both Lenovo and Superfish have been bungling their way through the response to the fact that they introduced a massive security hole in the way that Superfish's adware/malware dealt with HTTPS protected sites (by using a self-signed root certificate that was incredibly easily hacked, allowing basically anyone to create a simple man in the middle attack). Lenovo has been going through the motions, first insisting there was no security concern, then arguing that the concerns were theoretical and then quietly deleting its statement about the lack of security problems with Superfish. It also posted some instructions on removing both the software and the root certificate, and promised to have an automated system soon.

Superfish, on the other hand, has remained almost entirely silent. It gave some reporters bland statements insisting that there was no security risk, that it "stood by" Lenovo's statement, and insisted that Lenovo would come out with a statement that showed Superfish was not responsible for any of this mess. It also insisted that the company was fully "transparent" in how its software worked, but that's clearly not the case, because nowhere do they say "we create a massive man in the middle attack just so we can insert advertising images into your HTTPS surfing." At the time of writing this, Superfish appears to have nothing on its website about all of this. Its Twitter feed's last post, from yesterday mid-day, simply says that Lenovo "will be releasing detailed information at 5 p.m. EST today."

Except, it did not. That's about when it modified its original "nothing to see here" statement, with instructions on how to remove Superfish. It did not, as Superfish had previously told journalists, include a statement "with all of the specifics that clarify that there has been no wrongdoing on our end." In fact, it still looks very much like there was tremendous wrongdoing on the part of Superfish in the way it decided to implement its technologies. And that's not even getting into Superfish's sketchy history.

In the end, while Lenovo and Superfish are flailing around, it was left to Microsoft to come in and clean up the mess, pushing out a Superfish Fix to its Windows Defender product:

Microsoft just took a major step towards rooting out the Superfish bug, which exposed Lenovo users to man-in-the-middle attacks. Researchers are reporting that Windows Defender, Microsoft's onboard anti-virus software, is now actively removing the Superfish software that came pre-installed on many Lenovo computers. Additionally, Windows Defender will reset any SSL certificates that were circumvented by Superfish, restoring the system to proper working order. It's a crucial fix, as many security professionals had been struggling to find a reliable method for consistently and completely undoing the harmful effects of the bug. To make sure the fix takes effect, any Superfish-affected Windows users should update their version of Windows Defender within the program and scan as soon as possible.

Perhaps it's not surprising that Superfish is struggling to figure out how to deal with this sudden attention as a smaller company, but Lenovo should have been on top of this issue much, much faster.

from the misfire dept

And on it goes. In the wake of the Charlie Hebdo attacks, much of the world rallied around a French magazine's free speech right to publish controversial text and images concerning Islam, a major world religion. Since that solidarity was expressed, France has strategically sought to undermine its own support of free expression through some of the most arcane law enforcement actions concerning speech to date. From arresting comedians, to threats against news organizations, all the way to stepping into the muck with a bunch of racist idiots, France has shown that it's not a country that defends free and open speech -- but rather one that only defends the speech with which it agrees. But if any of that troubled you, you may be disappointed to learn that it was only the precursor to a full-on attack on free speech on the internet.

President Francois Hollande said Tuesday in Paris the government will present a draft law next month that makes Internet operators “accomplices” of hate-speech offenses if they host extremist messages. Interior Minister Bernard Cazeneuve said he will travel to the U.S. to seek help from the heads of Twitter Inc. (TWTR) and Microsoft Corp. (MSFT) as well as Google and Facebook. Spokesmen for the companies did not immediately return requests for comment.

It's exactly the wrong move on France's part. What was once a rallying moment for Western values and open speech has now devolved into a full-on attempt to censor speech online. If this law passes, internet services will have no choice but to seek to proactively censor all sorts of speech just to avoid liability. It's the exact opposite of the systems and policies that made the internet such a welcome home to free expression.

It would be one thing if any part of this plan made even the least bit of sense, which it doesn't, but where this gets really stupid is in the strategic impact this would have were it to be put in place. Extremists that have since gathered online will now be pushed back into places where they cannot be so easily monitored. What was essentially a honeypot of sorts will be neutered. How does that make even the smallest amount of sense, even throwing aside the horrific implications this has on France's willingness to censor speech it does not care for?

Add to that the purely hamfisted attempt to label innocent service providers as "accomplices" under the shade of a recent terror attack, and you might think this couldn't get any more cynical. You'd be wrong.

Hollande, speaking at a Paris memorial for Jews deported during World War II, said he would discuss a crackdown on racist and extremist Internet posts with global leaders at a ceremony at Auschwitz, Poland, on Tuesday as they meet to commemorate the death camp’s liberation 70 years ago. At last week’s World Economic Forum in Davos, Switzerland, Hollande called on Internet companies to help identify and shut down illegal content. France has laws against making racist statements or denying the Holocaust.

Just so everyone is clear, the victims of a Nazi book-burning and speech-restricting regime are being propped up as a rallying point for the further restriction of speech and writing. That goes beyond hubris and enters the realm of the bizarrely cruel. France has a problem on its hands: speech is under attack by Islamic extremists. The answer to that cannot be the attack of other forms of speech. All that does is lend credibility to the enemy's wishes. Why would France want to do that?

from the stupid-this-had-to-happen-in-the-first-place dept

We've written a few times about Rockstar Consortium, a giant patent troll that was created when Microsoft and Apple (and a few others) teamed up to outbid Google, Intel (and a few others) in buying thousands of Nortel patents. Nortel admitted that it had bulked up on many of these patents for defensive measures, but once Nortel went bankrupt they went to the highest bidder (and the bidding went pretty damn high). The winners of the bidding kept a few of the patents for themselves, but then dumped them all into "Rockstar Consortium" which was a new giant patent troll and which, importantly, was not subject to promises that Apple and Microsoft initially made (to avoid antitrust problems) to license the patents under reasonable terms.

Last year, Rockstar launched its massive patent attack on Android, suing basically all the major Android phone makers and Google. While some have argued that big company v. big company patent attacks aren't a form of patent trolling, some of us disagree. This, like most patent trolling, is just trying to extract money from companies and has nothing to do with actual innovation. In the tech world, some have referred to this kind of thing as "privateering" in which a big company puts the patents into a shell company to hide their trolling activity.

Either way, it appears that a settlement of sorts has been reached, with Rockstar Consortium agreeing to sell its patents to RPX (with Google and Cisco picking up much of the bill). RPX is sort of the "good version of Intellectual Ventures." It's a company that collects a bunch of patents with the goal of using those patents for member companies for defensive purposes. Even though RPX has generally been "good," the business model basically lives because of patent trolling. Its very existence is because of all the patent trolling and abuse out there. In this case, though, it's making sure that basically anyone can license these patents under FRAND (fair and reasonable, non-discriminatory) rates. The price being paid is approximately $900 million. While that article points out that this is considerably less than the $4.5 billion Microsoft and Apple paid originally, again, this is only 4,000 of the 6,000 patents, and you have to assume the 2,000 the other companies kept were the really valuable patents.

In short, this is basically Google and Cisco (with some help from a few others) licensing these patents to stop the majority of the lawsuits -- while also making sure that others can pay in as well should they feel threatened. Of course, Microsoft, Apple and the others still have control over the really good patents they kept for themselves, rather than give to Rockstar. And the whole thing does nothing for innovation other than shift around some money.

Cisco's Mark Chandler celebrated the deal as a "common sense" solution. And, it certainly beats all-out patent litigation war. But it's still just about moving money around, rather than encouraging innovation. He notes that in settling this as a group, it helps keep things from getting totally out of control:

While we have no quarrel with companies using their patents to stop the copying of differentiating features without permission... the driving up of patent valuations as each side in the war sought to bulk up for battle ended up serving no one other than lawyers and middlemen.

In the end, this is a better solution than years of legal battles. Making this offering open to others (at least for a limited time) is also a better result than might otherwise have been achieved. But it still shows how patents are abused and misused to shake down companies, rather than for any legitimate purpose. And, as Chandler also notes, the real issue still has to come down to fixing the broken patent system:

What is most critical, however, is changing the law to level the playing field and restore a patent system that rewards innovation, not litigation gamesmanship. The chance will come later this spring to enact meaningful patent reform. We will be there as advocates, and hope you will be too.